﻿using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Text;

namespace DH.Web.Filter
{
    /// <summary>
    /// 用户权限过滤器
    /// </summary>
  public  class UserPermissionFilter: ActionFilterAttribute
    {
        public bool Ignore { get; set; }
        public UserPermissionFilter(bool ignore = true)
        {
            Ignore = ignore;
        }
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            if (Ignore == false)
            {
                return;
            }
            //管理员享有所有权限
            var identity= context.HttpContext.User.Identity as ClaimsIdentity;
            var claim = identity.FindFirst("IsAdmin");
            if (claim!=null&&claim.Value=="True")
            {
                return;
            }

            //用户没有权限则提示没有该权限

            var url = "";
            //var controller = context.Controller;
            //var action = context.ActionDescriptor;

            var controllerName= context.RouteData.Values["controller"].ToString();
            var actionName = context.RouteData.Values["action"].ToString();
            url = controllerName + "/" + actionName;

            //判断当前登录用户当前请求资源是否有权限
            ///todo:待完成： 当前用户当前请求资源是否有权限  


            //StringBuilder sbScript = new StringBuilder();
            //sbScript.Append("<script type='text/javascript'>alert('很抱歉！您的权限不足，访问被拒绝！');</script>");
            //context.Result = new JsonResult(new { Content = "很抱歉！您的权限不足，访问被拒绝！" }) ;          


            return;

        }
    }
}
